Support for Authorize attribute

Apr 29, 2014 at 9:26 PM
I just attempted to add Active Directory role based authorization to my MvcCoderouting ApiController (.NET Framework 4.0) by decorating my actions with the [Authorize(Role=@"domain\ADgroup")] attribute.

I am in an Intranet environment (Domain controller/Web Server on Domain) and have checked my web.config for the following:
<authentication mode="Windows" />
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
      <clear />
      <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider"/>
The Authorize attribute appears to be completely ignored.
Apr 29, 2014 at 9:40 PM
To rule out possible AD config issues, I added a

if(User.IsInRole(@"domain\group")) {

code switch at the beginning of the action just to confirm that functions properly - it does.
Apr 29, 2014 at 11:29 PM
MvcCodeRouting doesn't do anything related to authorization.